Problem with Samba+LDAP

From: Luiz Alfredo Baggiotto (luiz@pucrs.br)
Date: Sat Apr 23 2005 - 01:20:02 EDT


Greetings Experts!

Sorry for my poor English and the cross-posting, but I'm inside a
terrible nightmare!!!
I've been using Samba+LDAP for about 2 months without problems, but in the last
4 hours the system has been absolutely unstable. I couldn't upgrade or patch
anything. The problem simply appeared.

Main system characteristics:

- Sun Fire V880 running Solaris 9
- openldap-2.2.23
- PADL nss_ldap-232
- PADL pam_ldap-176
- samba-3.0.11 ==> samba-3.0.14a

Symptoms: the users couldn't log in to the Samba domain, and the network for
those already connected was very slow. SSH, NFS and Apache services
were OK. The syslog said "nss_ldap: could not get LDAP result - Can't contact
LDAP server".

I tried to reinitialize the daemons (samba and ldap) but the problem
persisted. After that, I rebooted the server, but that didn't solve the problem
either. Then I upgraded my samba (from 3.0.11 to 3.0.14a) and now it is possible
to log in and work normally, but as at the moment there are only a few
users, I fear that on Monday the problem may happen again.

Please, PLEASE: does somebody have some idea about how this can happen and how
I could solve the problem in case it happens again? I'm really desperate. Any
help is very much appreciated!

My smb.conf is thus:

# Global parameters
[global]
        workgroup = MY_DOMAIN
        netbios name = ARRAKIS
        server string = Server
        security = USER
        passdb backend = ldapsam:ldap://ldap.domain/
        passwd program = /usr/local/sbin/smbldap-passwd -u %u
        passwd chat = *password* %n\n *new*password* %n\n
        passwd chat debug = Yes
        encrypt passwords = Yes
        log level = 3
        max log size = 50000
        load printers = No
        kernel oplocks = No
        utmp = yes
        domain logons = Yes
        domain master = Yes
        use sendfile = no
        keep alive = 60
        smb ports = 445 139
        wins server = 10.40.48.25
        delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        add group script = /usr/local/sbin/smbldap-groupadd "%g"
        delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        logon drive = h:
        logon script = %U.bat
        logon path = \\%N\profiles\%U
        ldap server = ldap.domain
        ldap port = 389
        ldap suffix = dc=domain,dc=mine
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap admin dn = cn=Administrator,dc=domain,dc=mine
        ldap passwd sync = Yes
        ldap delete dn = Yes

I compiled the software with these options:

OpenLDAP: ./configure --with-tls \
                                --disable-wrappers \
                                --enable-crypt \
                                --enable-bdb \
                                --enable-ldbm \
                                --enable-spasswd \
                                --with-cyrus-sasl \
                                --enable-slapd \
                                --enable-syslog \
                                --enable-ipv6=no \
                                --without-kerberos \
                                --enable-shared

Samba: ./configure --with-readline \
                                --with-smbwrapper \
                                --with-ldap \
                                --with-ldapsam \
                                --with-pam \
                                --with-pam_smbpass \
                                --with-syslog \
                                --with-quotas \
                                --with-utmp \
                                --with-vfs

Apparently, the most significant system error log says this:

===============================================
Apr 23 00:09:46 arrakis smbd[22907]: [ID 510469 daemon.error] nss_ldap: could
not get LDAP result - Can't contact LDAP server
Apr 23 00:09:46 arrakis last message repeated 1 time
Apr 23 00:09:46 arrakis smbd[22907]: [ID 982204 daemon.info] nss_ldap:
reconnecting to LDAP server...
Apr 23 00:09:46 arrakis slapd[159]: [ID 848112 local4.debug] conn=1364 fd=19
ACCEPT from IP=200.132.10.12:34100 (IP=0.0.0.0:389)
Apr 23 00:09:46 arrakis slapd[159]: [ID 347666 local4.debug] conn=1364 op=0
BIND dn="" method=128
Apr 23 00:09:46 arrakis slapd[159]: [ID 217296 local4.debug] conn=1364 op=0
RESULT tag=97 err=0 text=
Apr 23 00:09:46 arrakis smbd[22907]: [ID 569656 daemon.info] nss_ldap:
reconnected to LDAP server after 1 attempt(s)
Apr 23 00:09:46 arrakis slapd[159]: [ID 870088 local4.debug] get_filter:
unknown filter type=130
Apr 23 00:09:46 arrakis last message repeated 3 times
Apr 23 00:09:46 arrakis slapd[159]: [ID 998954 local4.debug] conn=1364 op=1
SRCH base="dc=domain,dc=mine" scope=2 deref=0 filter="(&(
objectClass=nisNetgroup)(|(?=undefined)(?=undefined)(?=undefined)(?=undefined
)(?=undefined)(?=undefined)(?=undefined)(?=undefined)
(?=undefined)(?=undefined)(?=undefined)(?=undefined)))"

......

Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:set_socket_options(202)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Failed to set
socket option SO_KEEPALIVE (Error Invalid argument)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:set_socket_options(202)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Failed to set
socket option TCP_NODELAY (Error Invalid argument)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername
failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername
failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/access.c:check_access(328)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername
failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Denied
connection from (0.0.0.0)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername
failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Connection
denied from 0.0.0.0
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:write_socket_data(430)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error]
write_socket_data: write failure. Error = Broken pipe
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:write_socket(455)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] write_socket:
Error writing 5 bytes to socket 5: ERRNO = Broken pipe
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:send_smb(647)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Error writing
5 bytes to client. -1. (Broken pipe)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:set_socket_options(202)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Failed to set
socket option SO_KEEPALIVE (Error Invalid argument)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:set_socket_options(202)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Failed to set
socket option TCP_NODELAY (Error Invalid argument)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername
failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername
failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/access.c:check_access(328)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername
failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Denied
connection from (0.0.0.0)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername
failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Connection
denied from 0.0.0.0
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:write_socket_data(430)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error]
write_socket_data: write failure. Error = Broken pipe
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:write_socket(455)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] write_socket:
Error writing 5 bytes to socket 5: ERRNO = Broken pipe
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] lib/util_sock.c:send_smb(647)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Error writing
5 bytes to client. -1. (Broken pipe)
Apr 23 00:10:59 arrakis smbd[22723]: [ID 702911 daemon.error] [2005/04/23
00:10:59, 0] smbd/server.c:open_sockets_smbd(388)
Apr 23 00:10:59 arrakis smbd[22723]: [ID 702911 daemon.error]
open_sockets_smbd: accept: Software caused connection abort
===============================================

I read about these errors in the samba-list archives and tried to use some
options in my smb.conf (more specifically "keep alive = 60", "smb ports = 445
139" and "use sendfile = no"), but this didn't work. These errors appear
every 1-5 minutes.

THANKS in advance for ANY help.
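
An added triage example, not part of the original post: it rejoins the mail-wrapped Solaris syslog entries shown above, folds in the "last message repeated" lines, and counts symptom classes per minute and process so the LDAP-lookup failures can be told apart from the dropped-client socket errors. The class names and regular expressions are assumptions made for this illustration; the sample is an excerpt of the log lines in the post.

```python
import re
from collections import Counter
# Excerpt of the log lines from the post, kept with the mail client's wrapping.
SAMPLE = """\
Apr 23 00:09:46 arrakis smbd[22907]: [ID 510469 daemon.error] nss_ldap: could
not get LDAP result - Can't contact LDAP server
Apr 23 00:09:46 arrakis last message repeated 1 time
Apr 23 00:09:46 arrakis smbd[22907]: [ID 982204 daemon.info] nss_ldap:
reconnecting to LDAP server...
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername
failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Denied
connection from (0.0.0.0)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] write_socket:
Error writing 5 bytes to socket 5: ERRNO = Broken pipe
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"^(\S+ +\d+ [\d:]+) \S+ (\w+)\[\d+\]: \[ID \d+ \S+\] (.*)$")
REPEAT = re.compile(r"last message repeated (\d+) times?$")
RULES = [  # hypothetical symptom classes; first match wins
    ("ldap_unreachable", re.compile(r"nss_ldap: could not get LDAP result")),
    ("ldap_reconnect", re.compile(r"nss_ldap: reconnect")),
    ("access_denied", re.compile(r"Denied connection|Connection denied")),
    ("client_gone", re.compile(r"getpeername failed|Broken pipe|connection abort")),
]

def unwrap(text):
    """Rejoin continuation lines: a real syslog entry starts with a timestamp."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Count symptom classes per (minute, process), honouring 'repeated N' lines."""
    counts, last = Counter(), None
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m:
            ts, proc, msg = m.groups()
            kind = next((n for n, rx in RULES if rx.search(msg)), "other")
            last = (ts[:-3], proc, kind)  # drop the seconds to bucket by minute
            counts[last] += 1
        elif last and (r := REPEAT.search(entry)):
            counts[last] += int(r.group(1))
    return counts
```

Calling `triage()` on the full syslog file returns a `Counter` keyed by `(minute, process, class)`, which shows whether the socket errors cluster in the same minutes as the LDAP failures.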